Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-33568Files or Directories Accessible to External Parties in ERP CRM

CWE-552Files or Directories Accessible to External PartiesCWE-200Sensitive Information Exposure6 documents5 sources
Severity
7.5HIGHNVD
EPSS
89.8%
top 0.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dolibarr ERP CRMDolibarr
Timeline
PublishedJun 13

Description

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Packagistdolibarr/dolibarr16.0.016.0.5
NVDdolibarr/dolibarr_erp_crm16.0.016.0.5

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
CVEList
CVE-2023-33568: An issue in Dolibarr 16 before 162023-06-13
OSV
CVE-2023-33568: An issue in Dolibarr 16 before 162023-06-13
GHSA
Dolibarr vulnerable to unauthenticated database access2023-06-13
OSV
Dolibarr vulnerable to unauthenticated database access2023-06-13

💥Exploits & PoCs

1
Nuclei
Dolibarr Unauthenticated Contacts Database Theft
CVE-2023-33568 — Dolibarr ERP CRM vulnerability | cvebase